First published: Tue Feb 05 2019
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored and the filename is treated as an absolute path.
Credit: cve@checkpoint.com
Affected Software | Affected Version | How to fix |
---|---|---|
WinRAR | <=5.61 | |
CVE-2018-20250 is a path traversal vulnerability in WinRAR versions prior to and including 5.61.
CVE-2018-20250 allows an attacker to manipulate the filename field in the ACE format, resulting in a path traversal vulnerability.
Users of WinRAR versions prior to and including 5.61 are affected by CVE-2018-20250.
CVE-2018-20250 has a severity rating of 7.8 (High).
To fix CVE-2018-20250, users should update to a version of WinRAR that is later than 5.61.
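The check below is an added example, not code from WinRAR or from this advisory. It shows how an extractor can refuse archive entry names that would be written outside the destination folder; the function names, destination path and sample entry names are constructed, and they are generic escape forms rather than the specific patterns this CVE relies on.

```python
import ntpath  # Windows path rules, usable on any OS


def safe_target(dest_dir, entry_name):
    """Return the path entry_name would get under dest_dir, or None if unsafe."""
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        return None  # drive letter, UNC share or rooted path: absolute
    parts = [p for p in rest.split("\\") if p not in ("", ".")]
    # Win32 normalization can strip trailing dots and spaces, so ".. " acts
    # like "..": refuse any component made only of dots and spaces.
    if not parts or any(p.rstrip(" .") == "" for p in parts):
        return None
    if any(":" in p for p in parts):
        return None  # colon inside a component (drive spec or stream name)
    base = ntpath.normpath(dest_dir)
    target = ntpath.normpath(ntpath.join(base, *parts))
    # Defence in depth: the joined path must still sit under the destination.
    if ntpath.commonpath([base, target]).lower() != base.lower():
        return None
    return target


def rejected_entries(dest_dir, entry_names):
    """List the entry names an extractor should refuse to write."""
    return [n for n in entry_names if safe_target(dest_dir, n) is None]


# Constructed values for illustration only.
DEST = "C:\\Users\\alice\\Downloads\\out"
SAMPLE_ENTRIES = [
    "docs\\report.txt",
    "C:\\Windows\\Temp\\dropped.exe",
    "\\\\fileserver\\share\\dropped.exe",
    "..\\..\\dropped.exe",
    "docs/../../dropped.exe",
    "\\Windows\\dropped.exe",
    "C:dropped.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(f"{entry!r:45} -> {safe_target(DEST, entry)}")
```

The same validation can be run over an archive listing before extraction to flag files that should not be opened with an unpatched extractor.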